Difference between revisions of "Memory layout"
Line 185: | Line 185: | ||
The virtual memory located below 0x20000000 is process-unique, processes can't directly access memory for other processes. The virtual memory starting at 0x20000000 is only accessible in privileged-mode. When service [[Services API|commands]] are used, the kernel maps memory in the destination process for input/output buffers, where the addresses in the command received by the process is replaced by this mapped memory. When this is an input buffer, the buffer data is copied to the mapped memory. When this is an output buffer, the data stored in the mapped memory is copied to the destination buffer specified in the command. | The virtual memory located below 0x20000000 is process-unique, processes can't directly access memory for other processes. The virtual memory starting at 0x20000000 is only accessible in privileged-mode. When service [[Services API|commands]] are used, the kernel maps memory in the destination process for input/output buffers, where the addresses in the command received by the process is replaced by this mapped memory. When this is an input buffer, the buffer data is copied to the mapped memory. When this is an output buffer, the data stored in the mapped memory is copied to the destination buffer specified in the command. | ||
− | The physical address which memory for the application memory-type is mapped to begins at FCRAM+0, the total memory allocated for this memory-type is stored in [[Configuration_Memory]]. | + | The physical address which memory for the application memory-type is mapped to begins at FCRAM+0, the total memory allocated for this memory-type is stored in [[Configuration_Memory]]. Applications' exefs:/.code under the application memory-type is mapped at FCRAM + APPMEMALLOC - exefs:/.code size aligned to the page size. The application .bss is mapped immediately after this, at FCRAM+APPMEMALLOC. |
== System memory details == | == System memory details == |
Revision as of 07:25, 4 February 2013
ARM11 Physical memory regions
Address | Size | Description |
---|---|---|
0x0 | 0x10000 | Bootrom (super secret code/data @ 0x8000) |
0x10000 | 0x10000 | Bootrom mirror |
0x10000000 | ? | IO memory |
0x18000000 | 0x600000 | VRAM |
0x1FF00000 | 0x80000 | DSP memory |
0x1FF80000 | 0x80000 | AXI WRAM |
0x20000000 | 0x8000000 | FCRAM |
ARM11 Detailed physical memory map
18000000 - 18600000: VRAM 1FF80000 - 1FFAB000: Kernel code 1FFAB000 - 1FFF0000: SlabHeap [temporarily contains boot processes] 1FFF0000 - 1FFF1000: ? 1FFF1000 - 1FFF2000: ? 1FFF2000 - 1FFF3000: ? 1FFF3000 - 1FFF4000: ? 1FFF4000 - 1FFF5000: Exception vectors 1FFF5000 - 1FFF5800: Unused? 1FFF5800 - 1FFF5C00: 256-entry L2 MMU table for VA FF4xx000 1FFF5C00 - 1FFF6000: 256-entry L2 MMU table for VA FF5xx000 1FFF6000 - 1FFF6400: 256-entry L2 MMU table for VA FF6xx000 1FFF6400 - 1FFF6800: 256-entry L2 MMU table for VA FF7xx000 1FFF6800 - 1FFF6C00: 256-entry L2 MMU table for VA FF8xx000 1FFF6C00 - 1FFF7000: 256-entry L2 MMU table for VA FF9xx000 1FFF7000 - 1FFF7400: 256-entry L2 MMU table for VA FFAxx000 1FFF7400 - 1FFF7800: 256-entry L2 MMU table for VA FFBxx000 1FFF7800 - 1FFF7C00: MMU table but unused? 1FFF7C00 - 1FFF8000: 256-entry L2 MMU table for VA FFFxx000 1FFF8000 - 1FFFC000: ? 1FFFC000 - 20000000: 4096-entry L1 MMU table for VA xxx00000 20000000 - 28000000: Main memory
ARM11 Detailed virtual memory map
E8000000 - E8600000: mapped VRAM (18000000 - 18600000) EFF00000 - F0000000: mapped Internal memory (1FF00000 - 20000000) F0000000 - F8000000: mapped Main memory FF401000 - FF402000: mapped ? (27FC7000 - 27FC8000) FF403000 - FF404000: mapped ? (27FC2000 - 27FC3000) FF405000 - FF406000: mapped ? (27FBB000 - 27FBC000) FF407000 - FF408000: mapped ? (27FB3000 - 27FB4000) FF409000 - FF40A000: mapped ? (27F8E000 - 27F8F000) FFF00000 - FFF45000: mapped SlabHeap FFF60000 - FFF8B000: mapped Kernel code FFFCC000 - FFFCD000: mapped IO I2C second bus (10144000 - 10145000) FFFCE000 - FFFCF000: mapped IO PDC (10400000 - 10401000) FFFD0000 - FFFD1000: mapped IO PDN (10141000 - 10142000) FFFD2000 - FFFD3000: mapped IO PXI (10163000 - 10164000) FFFD4000 - FFFD5000: mapped IO PAD (10146000 - 10147000) FFFD6000 - FFFD7000: mapped IO LCD (10202000 - 10203000) FFFD8000 - FFFD9000: mapped IO ? (10140000 - 10141000) FFFDA000 - FFFDB000: mapped IO XDMA (10200000 - 10201000) FFFDC000 - FFFE0000: mapped ? (1FFF8000 - 1FFFC000) FFFE1000 - FFFE2000: mapped ? (1FFF0000 - 1FFF1000) FFFE3000 - FFFE4000: mapped ? (1FFF2000 - 1FFF3000) FFFE5000 - FFFE9000: mapped L1 MMU table for VA xxx00000 FFFEA000 - FFFEB000: mapped ? (1FFF1000 - 1FFF2000) FFFEC000 - FFFED000: mapped ? (1FFF3000 - 1FFF4000) FFFEE000 - FFFF0000: mapped IO IRQ (17E00000 - 17E02000) FFFF0000 - FFFF1000: mapped Exception vectors FFFF2000 - FFFF6000: mapped L1 MMU table for VA xxx00000 FFFF7000 - FFFF8000: mapped ? (1FFF1000 - 1FFF2000) FFFF9000 - FFFFA000: mapped ? (1FFF3000 - 1FFF4000) FFFFB000 - FFFFE000: mapped L2 MMU tables (1FFF5000 - 1FFF8000)
ARM11 User-land memory regions
Virtual Address Base | Physical Address Base | Region Max Size | Description |
---|---|---|---|
0x00100000 / 0x14000000 | 0x03F00000 | The ExeFS:/.code is loaded here, executables must be loaded to the 0x00100000 region when the exheader "special memory" flag is clear. The 0x03F00000-byte size restriction only applies when this flag is clear. Executables are usually loaded to 0x14000000 when the exheader "special memory" flag is set, however this address can be arbitrary. | |
0x08000000 | 0x08000000 | Heap mapped by ControlMemory | |
0x10000000-StackSize | StackSize from process exheader | Stack for the main-thread, initialized by the ARM11 kernel. The StackSize from the exheader is usually 0x4000, therefore the stack-bottom is usually 0x0FFFC000. The stack for the other threads is normally located in the process .data section however this can be arbitrary. | |
0x10000000 | 0x04000000 | Applications usually map this region for HID | |
0x14000000 | 0x08000000 | Can be mapped by ControlMemory, this can be used for the application's GSP heap. | |
0x1EC00000 | 0x10100000 | 0x01000000 | IO registers, the mapped IO pages which each process can access is specified in the CXI exheader.(Applications normally don't have access to registers in this range) |
0x1F000000 | 0x18000000 | 0x00600000 | VRAM, access to this is specified by the exheader. |
0x1FF00000 | 0x1FF00000 | 0x00080000 | DSP memory, access to this is specified by the exheader. |
0x1FF80000 | 0x1000 | Configuration Memory, all processes have access to this however write-permission to this page is specified by the exheader "Shared page writing" kernel flag. | |
0x1FF81000 | 0x1000 | Shared page, access to this is the same as 0x1FF80000. |
All executable pages are read-only, and data pages have the execute-never permission set. Normally .text from the loaded ExeFS:/.code is the only mapped executable memory. Executable CROs can be loaded into memory, once loaded the CRO .text section memory page permissions are changed via ControlProcessMemory from RW- to R-X. The address and size of each ExeFS:/.code section is stored in the exheader, the permissions for each section is: .text R-X, .rodata R--, .data RW-, and .bss RW-. The loaded .code is mapped to the addresses specified in the exheader by the ARM11 kernel. The stack permissions is initialized by the ARM11 kernel: RW-. The heap permissions is normally RW-.
All userland memory is mapped with RW permissions for privileged-mode. However, normally the ARM11 kernel only uses userland read/write instructions(or checks that the memory can be written from userland first) for accessing memory specified by SVCs.
The virtual memory located below 0x20000000 is process-unique, processes can't directly access memory for other processes. The virtual memory starting at 0x20000000 is only accessible in privileged-mode. When service commands are used, the kernel maps memory in the destination process for input/output buffers, where the addresses in the command received by the process is replaced by this mapped memory. When this is an input buffer, the buffer data is copied to the mapped memory. When this is an output buffer, the data stored in the mapped memory is copied to the destination buffer specified in the command.
The physical address which memory for the application memory-type is mapped to begins at FCRAM+0, the total memory allocated for this memory-type is stored in Configuration_Memory. Applications' exefs:/.code under the application memory-type is mapped at FCRAM + APPMEMALLOC - exefs:/.code size aligned to the page size. The application .bss is mapped immediately after this, at FCRAM+APPMEMALLOC.
System memory details
0xFFFF9004 Pointer to the current KProcess instance
Handles
The handle 0xFFFF8001 is a reference to the current KProcess.
VRAM Map While Running Webbrowser
- 0x1e6000-0x22C500 -- top screen framebuffer 0(240x400x3)
- 0x22C800-0x272D00 -- top screen framebuffer 1(240x400x3)
- 0x273000-0x2B9500 -- top screen framebuffer 2(240x400x3)
- 0x2B9800-0x2FFD00 -- top screen framebuffer 3(240x400x3)
- 0x48F000-0x4C7400 -- bottom screen framebuffer 0(240x320x3)
- 0x4C7800-0x4FF800 -- bottom screen framebuffer 1(240x320x3)